Re: syslog-ng+ELK
Michael Shirk wrote: > On May 23, 2015 10:42, "Predrag Punosevac"> wrote: > > > > 5. Finally I am open for simpler ideas. Any opinions on > sysutils/logfmon > > Is it possible to visualize on the web output from logfmon? > > > > Best, > > Predrag Punosevac > > > > There is another aspect to log analysis tools that bothers me the most, > why > must we risk system security to review log files? > > Any of the tools that "work well" open you up to web vulnerabilities, or > cost money in the case of Splunk. I have not had time to work on it, but > I > would like to create a tool that avoids all of the issues of running a > web > service or requiring java. > > My interest is in UNIX system logs and IDS/IPS events, with full packet > captures. The simplest form I have used is with automated processing of > IDS > events, firewall logs, and full pcap data as static files shared on a > webserver. I would be interested in a CLI log viewer with ncurses, or > scripted output (maybe using pipecut to process data as you search for > what > you want in the simplest UNIX way). > > -- > Michael Shirk > Daemon Security, Inc. > http://www.daemon-security.com I am resurrecting this old thread I started almost a year ago in an attempt to learn how other OpenBSD users are managing their centralized logging servers. I also wanted to revisit the issues raised by Mr. Shirk. Namely the problem I am trying to solve seems very common. I am running centralized logging server (syslog-ng) an OpenBSD host. This server receives log files from my heterogeneous network consisting of OpenBSD machines (running syslogd) Red Hat machines (rsyslog), and FreeBSD machines running FreeBSD version of syslogd. I noticed that sending log files generates lots of traffic on my monitoring server in part due to the fact that I am recording lots of noise like last message repeated 10 times Next problem is properly rotating, archiving, and deleting monthly directories containing log files of all my servers. For example directory /var/log/syslog-ng/HOSTS/2016-05 contains log files of all my servers for this month. That is not too useful. Storing them per day would be probably better but having fewer log files just for important things would be even better. Log files are useless unless some kind analytics is run on them. I would like to be able to do real time monitoring for anomalies using a daemon for. The following seems obvious anomalies: 1 . SMART errors (I am big data/machine learning guy so I want to replace failed HDD in timely fashion) even though SMART deamon is sending separate e-mail 2. failing hardware (sensors, IPMI, mcelog) 3. firewall logs 4. IDS/IPS events A daemon should be able to send me an e-mail every couple of hours containing as little noise as possible. So far I have found in ports the following daemons: 1. security/logsurfer (package exists only for i386 and I use amd64) 2. sysutils/logfmon (From looking at /etc/logfmon.conf it looks like it is written to monitor log files on the single OpenBSD machine running syslogd. I don't see how I could monitor entire syslog-ng directories) 3. I noticed that syslog daemons do not work very well as SQL databases as a storage backends. For example LibreNMS has the interface for displaying and searching (manually which makes it useless) syslog files. But MariaDB has to be restarted quite frequently and on the top of it. 4. I am not sure what to think of ELK anymore. The more I learn the less i like it. 5. Finally I stumbled upon echofish https://echothrust.github.io/echofish/ which seems to be repeating old pattern. Using SQL database as a backend and providing UI for searching messages (I can do that using grep) but no e-mail notification when troubles are found. What am I missing here? How do people monitor their log files in the real time. That would seems such an obvious topic for people who care about security. Predrag
Yo, all yous Developers
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 I've just moved an application (written in gprolog) from OBSD_i386 4.1 to 5.9. I needed to recompile things, and some of the periferal glue (sudo, nsupdate...) needed to be added from packages, but so far as I can tell it all works. All told it took me a day. So, my congradulations and thanks. Dhu - -- "Je suis Canadien. Ce n'est pas Francais ou Anglaise. C'est une esp`ece de sauvage" http://babayaga.neotext.ca/PublicKeys/Duncan_Patton_a_Campbell_pubkey.txt Ne obliviscaris, vix ea nostra voco. iF4EAREIAAYFAlctRFEACgkQiY6AzzR1lzyhLgD+I+aPJLfFUA8C9U/XzzRvMc5c QeeX/jR8k1vRUSBs1JEA/0JELBXHDq+1DE0N1cj5h7BZKuJwA0Xl7H1rH8z46Hvc =+fvw -END PGP SIGNATURE-
Re: Dell XPS13 9333 Touchpad doesn't work
Hi, it might be that you are out of luck with your hardware. If I'm not mistaken, it has a Cypress touchpad, which isn't supported. On 05/06/2016 05:16 AM, Gabriel Guzman wrote: > Hello misc@ > > I have a Dell XPS 13 9333 that I recently installed OpenBSD on. For the > most part everything runs great. WiFi, suspend resume, everything. The > laptop has both a touchscreen and a touchpad. The touchscreen works > just fine, I can use it as a pointing device w/out problems. The > touchpad however doesn't seem to be recognized by the system. I'm not > sure if it's user error or some hardware that's not recognized. dmesg > and other output included below. Anyone have any idea what I might be > able to try to get this working? Plugging in an external mouse also > works just fine. > > Thanks, > gabe. > > > OpenBSD 5.9-current (GENERIC.MP) #2002: Sun May 1 06:35:58 MDT 2016 > dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP > real mem = 8474284032 (8081MB) > avail mem = 8212860928 (7832MB) > mpath0 at root > scsibus0 at mpath0: 256 targets > mainbus0 at root > bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xe0fc0 (69 entries) > bios0: vendor Dell Inc. version "A06" date 11/07/2014 > bios0: Dell Inc. XPS13 9333 > acpi0 at bios0: rev 2 > acpi0: sleep states S0 S1 S3 S4 S5 > acpi0: tables DSDT FACP ASF! HPET LPIT APIC MCFG SSDT SSDT SSDT SSDT SSDT > UEFI POAT BATB FPDT SLIC UEFI SSDT BGRT CSRT > acpi0: wakeup devices P0P1(S4) GLAN(S4) EHC1(S4) EHC2(S4) XHC_(S4) HDEF(S4) > TPD4(S4) TPD7(S0) TPD8(S0) PXSX(S4) RP01(S4) PXSX(S4) RP02(S4) PXSX(S4) > RP03(S4) PXSX(S4) [...] > acpitimer0 at acpi0: 3579545 Hz, 24 bits > acpihpet0 at acpi0: 14318179 Hz > acpimadt0 at acpi0 addr 0xfee0: PC-AT compat > cpu0 at mainbus0: apid 0 (boot processor) > cpu0: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz, 1596.56 MHz > cpu0: > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SENSOR,ARAT > cpu0: 256KB 64b/line 8-way L2 cache > cpu0: smt 0, core 0, package 0 > mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges > cpu0: apic clock running at 99MHz > cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1.1.1, IBE > cpu1 at mainbus0: apid 1 (application processor) > cpu1: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz, 1596.31 MHz > cpu1: > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SENSOR,ARAT > cpu1: 256KB 64b/line 8-way L2 cache > cpu1: smt 1, core 0, package 0 > cpu2 at mainbus0: apid 2 (application processor) > cpu2: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz, 1596.31 MHz > cpu2: > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SENSOR,ARAT > cpu2: 256KB 64b/line 8-way L2 cache > cpu2: smt 0, core 1, package 0 > cpu3 at mainbus0: apid 3 (application processor) > cpu3: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz, 1596.31 MHz > cpu3: > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SENSOR,ARAT > cpu3: 256KB 64b/line 8-way L2 cache > cpu3: smt 1, core 1, package 0 > ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 40 pins > acpimcfg0 at acpi0 addr 0xf800, bus 0-63 > acpiprt0 at acpi0: bus 0 (PCI0) > acpiprt1 at acpi0: bus -1 (P0P1) > acpiprt2 at acpi0: bus 1 (RP01) > acpiprt3 at acpi0: bus 2 (RP03) > acpiprt4 at acpi0: bus -1 (PEG0) > acpiprt5 at acpi0: bus -1 (PEG1) > acpiprt6 at acpi0: bus -1 (PEG2) > acpiec0 at acpi0 > acpicpu0 at acpi0: C3(200@332 mwait.1@0x50), C2(200@148 mwait.1@0x33), > C1(1000@1 mwait.1), PSS > acpicpu1 at acpi0: C3(200@332 mwait.1@0x50), C2(200@148 mwait.1@0x33), > C1(1000@1 mwait.1), PSS > acpicpu2 at acpi0: C3(200@332 mwait.1@0x50), C2(200@148 mwait.1@0x33), > C1(1000@1 mwait.1), PSS > acpicpu3 at acpi0: C3(200@332 mwait.1@0x50), C2(200@148 mwait.1@0x33), > C1(1000@1 mwait.1), PSS > acpitz0 at acpi0: critical temperature is 105 degC > acpitz1 at acpi0: critical temperature is 105 degC > "PNP0C14" at acpi0 not configured > "INT3F0D" at
Re: Creative USB Headset on 5.9
On Fri, May 6, 2016, at 11:01 PM, joekiser wrote: > > Is this plugged into a USB 2 port? > > Joe No, it was plugged into a USB3 port, it works fine over USB 2! I assume that is a driver limitation? And any idea if it's possible to switch audio devices in xfce4-mixer? It still doesn't show up unfortunately. I've added `sndiod_flags="-f rsnd/1 -f rsnd/0"` to my rc.conf.local, which falls back to the internal speakers when the headset isn't connected, but it would be a lot nicer if I could change it easily at runtime through the mixer. Thanks! Jakob
Re: Creative USB Headset on 5.9
On Fri, May 6, 2016, at 15:16, Jakob Gillich wrote: > I'm pretty new to OpenBSD in general, and recently installed 5.9. Now > I'm wondering if it's possible to get my USB headset working. According > to dmesg, a audio1 device gets created: > [snip] > > Does this mean it's not supported, or is there anything else I could > try? > Is this plugged into a USB 2 port? Joe
Creative USB Headset on 5.9
I'm pretty new to OpenBSD in general, and recently installed 5.9. Now I'm wondering if it's possible to get my USB headset working. According to dmesg, a audio1 device gets created: uaudio0 at uhub0 port 4 configuration 1 interface 0 "Creative Technology Ltd. SB Tactic(3D) Wrath Wireless" rev 1.10/1.00 addr 3 uaudio_identify_ac: skip desc type=0x04 uaudio0: audio rev 1.00, 4 mixer controls audio1 at uaudio0 uhidev5 at uhub0 port 4 configuration 1 interface 3 "Creative Technology Ltd. SB Tactic(3D) Wrath Wireless" rev 1.10/1.00 addr 3 uhidev5: iclass 3/0, 255 report ids uhid9 at uhidev5 reportid 1: input=4, output=0, feature=0 ukbd3 at uhidev5 reportid 2: 4 variable keys, 1 key codes wskbd4 at ukbd3 mux 1 wskbd4: connecting to wsdisplay0 uhid at uhidev5 not configured But it doesn't show up in xfce4-mixer, and direct playback fails as well: $ cat /dev/urandom > /dev/audio1 cat: stdout: Input/output error Does this mean it's not supported, or is there anything else I could try?
Re: dhclient.conf and hostname.if
On Fri, May 06, 2016 at 06:21:00AM -0600, Duncan Patton a Campbell wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > On Fri, 06 May 2016 12:06:58 +0100 > Mark Carrollwrote: > > > On 06 May 2016, Duncan Patton a. Campbell wrote: > > > > > Is there any similar tag to access the addess assigned by dhcp? > > > What other mechanisms exist to update dynamic dns assignments? > > > > Could ifstated(8) help here? I've separately wondered if I ought to be > > using it to kick pf because it otherwise doesn't realize that 'self' > > includes the address eventually assigned by PPP. > > > > -- Mark > > > > Yes. Looking at the man page this might be a way to do what I want. > ...just need to sort out the macro language in man ifstated.conf ;^) ifstated looks at the physical link of an interface. In ifconfig output this is the line starting with status. This state does not change when a new address is assigned to an interface. Remi
Re: non-wintel hardware choices
Michael, The challenge is device drivers for the video cards. Especially in the PA-RISC case because there really is no documentation for them. I've spent some time on the HP end of things and unfortunately was in over my head pretty quickly. Thanks, Bryan On Fri, May 6, 2016 at 10:54 AM, Michael Lambertwrote: >> On 5 May 2016, at 19:52, Bryan Everly wrote: >> >> Unfortunately PA-RISC doesn't have X support at the console. You can >> run X on it and have the Windows render on a SPARC, MIPS or Intel >> platform though. > > Neither does Alpha (AXP). Does anyone know if there are blockers in building > xenocara on these platforms or there just isn't enough interest for anyone to > try seriously? > > Thanks, > > Michael
Re: [patch] bgpctl more info in terse format
On Mon, Apr 18, 2016 at 08:09:50PM +0200, Claudio Jeker wrote: > The idea of terse is that you don't need to parse. So in a way I agree > with the diff. What I don't like is the inclusion of the number of > prefixes. That count requires a roundtrip to the RDE to find and sometimes > this takes a while. I would prefer if we could leave that out. > Here is a new diff that only prints uptime. Denis Index: bgpctl.c === RCS file: /cvs/src/usr.sbin/bgpctl/bgpctl.c,v retrieving revision 1.187 diff -u -p -r1.187 bgpctl.c --- bgpctl.c5 Dec 2015 13:17:05 - 1.187 +++ bgpctl.c6 May 2016 18:36:10 - @@ -584,8 +584,9 @@ show_summary_terse_msg(struct imsg *imsg p = imsg->data; s = fmt_peer(p->conf.descr, >conf.remote_addr, p->conf.remote_masklen, nodescr); - printf("%s %s %s\n", s, log_as(p->conf.remote_as), - p->conf.template ? "Template" : statenames[p->state]); + printf("%s %s %s %llu\n", s, log_as(p->conf.remote_as), + p->conf.template ? "Template" : statenames[p->state], + (time(NULL) - p->stats.last_updown)); free(s); break; case IMSG_CTL_END:
[no subject]
Re: Performance of Firefox and Chromium > I'm not sure what hardware you guys run OpenBSD on, but on my (old, > crusty, crummy, shitty) laptop, it and a lot of Gui-requiring and My laptop was made in 2008, my desktop in 2002. > javascript heavy sites send > javascript from many domains which is slow and insecure and probably > increases threading a lot by it's distributed nature. I blame a lot on Javascipt libraries like Ajax where lazy webmasters include them to use 1% of what they stick in the page. But yes, every page requires 50 or so DNS lookups. And web pages have gotten to be 3 megabytes and over. And web servers have timeouts so lots of times I see them time out before the pages load, I have to hit reload 5-10 times fairly often. The OpenBSD site is fast, stupid sites like Facebook I avoid. -- Credit is the root of all evil. - AB1JX
Re: non-wintel hardware choices
> On 5 May 2016, at 19:52, Bryan Everlywrote: > > Unfortunately PA-RISC doesn't have X support at the console. You can > run X on it and have the Windows render on a SPARC, MIPS or Intel > platform though. Neither does Alpha (AXP). Does anyone know if there are blockers in building xenocara on these platforms or there just isn't enough interest for anyone to try seriously? Thanks, Michael
Re: non-wintel hardware choices
Hi, Bryan Everly wrote: Unfortunately PA-RISC doesn't have X support at the console. You can run X on it and have the Windows render on a SPARC, MIPS or Intel platform though. sorry, didn't know that. I always did run my HP hardware headless... so I never noticed. I always liked the CPU since University... I am sad that it morphed into Itanic and now drowns to oblivion. Riccardo
Re: Short maximum interpreter length
> Why is MAXINTERP in only 128? I can think of a few: > > 1. It's been that way a while and nobody's complained > 2. If someone's shebangs are longer than that, they're probably doing > whatever they're doing horribly, horribly wrong > 3. Historical compatibility > > Is it one of those? If not, is it something else? If this value gets increased, some script writers might start relying on it. There is still rough consensus that it is "a good thing" if shell scripts are somewhat portable. Increasing it brings no real benefit. Only possible downsites when high values are abused. I'd say that is end of the story.
Re: dhclient.conf and hostname.if
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Fri, 06 May 2016 12:06:58 +0100 Mark Carrollwrote: > On 06 May 2016, Duncan Patton a. Campbell wrote: > > > Is there any similar tag to access the addess assigned by dhcp? > > What other mechanisms exist to update dynamic dns assignments? > > Could ifstated(8) help here? I've separately wondered if I ought to be > using it to kick pf because it otherwise doesn't realize that 'self' > includes the address eventually assigned by PPP. > > -- Mark > Yes. Looking at the man page this might be a way to do what I want. ...just need to sort out the macro language in man ifstated.conf ;^) Thanks, Dhu - -- "Je suis Canadien. Ce n'est pas Francais ou Anglaise. C'est une esp`ece de sauvage" http://babayaga.neotext.ca/PublicKeys/Duncan_Patton_a_Campbell_pubkey.txt Ne obliviscaris, vix ea nostra voco. iF4EAREIAAYFAlcsjCwACgkQiY6AzzR1lzzC3QEAhekbOo4bNOTMZ2Z0bSXgFkR/ o30ZMry21Ue0eDlnUmUA/jOMpk4pDBZHXh/NDWVl7TjJfr6TDGftTzsK3N1GyBKV =a1Z5 -END PGP SIGNATURE-
Re: dhclient.conf and hostname.if
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Fri, 6 May 2016 11:56:31 +0100 Raf Czlonkawrote: > On Fri, May 06, 2016 at 11:35:47AM BST, Duncan Patton a Campbell > wrote: > > > > Back when the script tag was removed from dhclient.conf the > > functionality to do external commands was ostensibly moved > > into hostname.if via the > > > > !command mechanism. > > > > in man hostname.if it says > > > > "It is worth noting that ``\$if'' in a command > > line will be replaced by the interface name" > > > > Is there any similar tag to access the addess assigned by dhcp? > > What other mechanisms exist to update dynamic dns assignments? > > Hi Duncan, > > Not sure if I understood you correctly but doesn't > > send host-name ... > - From my reading of man dhclient.conf this will send the local box's hostname to it's dhcp server and I'm looking to send the local box's just assigned dhcp_ip to a nameserver using nsupdate. Thanks Dhu > in dhclient.conf(5) do what you want? > > Regards, > > Raf > - -- "Je suis Canadien. Ce n'est pas Francais ou Anglaise. C'est une esp`ece de sauvage" http://babayaga.neotext.ca/PublicKeys/Duncan_Patton_a_Campbell_pubkey.txt Ne obliviscaris, vix ea nostra voco. iF4EAREIAAYFAlcsiOUACgkQiY6AzzR1lzzN0AEA0a606QNYiWtTjBMh/keDxbUm STv6xWmwQ9KmzUIi21IA/309BUahCATDLfNBSOc4AF8frOpDy3ZMhr6qYHzKiLQo =HWd1 -END PGP SIGNATURE-
Re: dhclient.conf and hostname.if
On 06 May 2016, Duncan Patton a. Campbell wrote: > Is there any similar tag to access the addess assigned by dhcp? > What other mechanisms exist to update dynamic dns assignments? Could ifstated(8) help here? I've separately wondered if I ought to be using it to kick pf because it otherwise doesn't realize that 'self' includes the address eventually assigned by PPP. -- Mark
Re: SMP implementation
On 05/05/16(Thu) 19:03, Pavan Maddamsetti wrote: > I have been reading about ongoing improvements to SMP in OpenBSD. My > understanding is that context switching from userspace to the kernel can be > hazardous if shared resources are not protected by locking. The context switching it not the problem, the problem is that if two CPUs modify kernel states at the same time corruptions are very likely to happen. Why? Simply because the kernel hasn't been written to be executed on multiple CPUs simultaneously. > OpenBSD > currently has a "giant lock" for safe concurrent access to kernel data > structures. It will eventually be replaced by finer grained locking in > order for the kernel to execute on multiple CPUs simultaneously. Well a "giant lock" prevent concurrent access in order to guarantee data integrity. > Has any thought been given to an alternative design where each CPU has its > own thread scheduler, like DragonFly BSD? Certainly, people talk a lot! Now keep in mind that having a different scheduling class for kernel threads wont prevent kernel threads from accessing shared data concurrently.
Re: dhclient.conf and hostname.if
On Fri, May 06, 2016 at 11:35:47AM BST, Duncan Patton a Campbell wrote: > > Back when the script tag was removed from dhclient.conf the > functionality to do external commands was ostensibly moved > into hostname.if via the > > !command mechanism. > > in man hostname.if it says > > "It is worth noting that ``\$if'' in a command > line will be replaced by the interface name" > > Is there any similar tag to access the addess assigned by dhcp? > What other mechanisms exist to update dynamic dns assignments? Hi Duncan, Not sure if I understood you correctly but doesn't send host-name ... in dhclient.conf(5) do what you want? Regards, Raf
dhclient.conf and hostname.if
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Back when the script tag was removed from dhclient.conf the functionality to do external commands was ostensibly moved into hostname.if via the !command mechanism. in man hostname.if it says "It is worth noting that ``\$if'' in a command line will be replaced by the interface name" Is there any similar tag to access the addess assigned by dhcp? What other mechanisms exist to update dynamic dns assignments? Thanks, Dhu - -- http://babayaga.neotext.ca/PublicKeys/Duncan_Patton_a_Campbell_pubkey.txt Ne obliviscaris, vix ea nostra voco. iF4EAREIAAYFAlcsc4MACgkQiY6AzzR1lzykrQD/eTAfofD79x5CKeGVC33iZKOR TGNzYAYvkDTH6tYFfE0A/i7bQS3g6Thd3IAMLFkA5wudGAJwi3he0dQuPRhvKcP0 =6eqc -END PGP SIGNATURE-